Browse Source

Support deploying OVN as container services

This patch adds the support to containerize OVN services for the
base profile.

OVN db servers do not support active-active mode yet. It does support
master-slave mode supported through pacemaker, which will be supported
in a later patch.

Presently the tripleo container framework doesn't allow to start a
container in only controller 0 (or bootstrap node). OVN db servers and
ovn-northd are started on all the controllers, but only the OVN db
servers running in the boot strap controller are configured to listen
on the tcp ports 6641 and 6642. OVN neutron mechanism driver
and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers.
Haproxy configures all the controllers as back ends, but only OVN db
servers running on controller 0 respond since only they are configured
properly.

The OVN containers running on other controller nodes do not interact
any way, but are wasteful resources.

This patch also adds the scenario007-multinode-containers CI template.

Partial-bug: #1699085
Depends-On: Idc027e41d0e98eebe134be4c0909c4165eb8e83d
Depends-On: I341995fa21ce759104a0b3431f6d434f93a5fdcc
Depends-On: Ia409617cab5a31f19875844c676dad87518977fc
Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a
changes/60/468860/25
Numan Siddique 5 years ago
parent
commit
e7cd03d2f0
  1. 82
      ci/environments/scenario007-multinode-containers.yaml
  2. 105
      docker/services/ovn-controller.yaml
  3. 202
      docker/services/ovn-dbs.yaml
  4. 27
      environments/services-docker/neutron-ovn.yaml
  5. 4
      releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml

82
ci/environments/scenario007-multinode-containers.yaml

@ -0,0 +1,82 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
# For OVN.
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
NeutronVniRanges: ['1:65536', ]
OVNBridgeMappings: 'datacentre:br-ex'
Debug: true
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
IronicCleaningDiskErase: 'metadata'
NotificationDriver: 'noop'

105
docker/services/ovn-controller.yaml

@ -0,0 +1,105 @@
heat_template_version: pike
description: >
OpenStack containerized Ovn Controller agent.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
DockerOvnControllerImage:
description: image
type: string
DockerOvnControllerConfigImage:
description: The container image to use for the ovn_controller config_volume
type: string
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OvnControllerBase:
type: ../../puppet/services/ovn-controller.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ovn Controller agent.
value:
service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OvnControllerBase, role_data, config_settings]
step_config: &step_config
get_attr: [OvnControllerBase, role_data, step_config]
service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
puppet_tags: vs_config
config_volume: ovn_controller
step_config: *step_config
config_image: {get_param: DockerOvnControllerConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
# to configure the required parameters in ovs db which will be read
# by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
/var/lib/kolla/config_files/ovn_controller.json:
command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
docker_config:
step_4:
ovn_controller:
image: {get_param: DockerOvnControllerImage}
net: host
privileged: true
user: root
restart: always
volumes:
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- name: Stop and disable ovn-controller service
tags: step2
service: name=ovn-controller state=stopped enabled=no

202
docker/services/ovn-dbs.yaml

@ -0,0 +1,202 @@
heat_template_version: pike
description: >
OpenStack containerized Ovn DBs service
parameters:
DockerOvnNbDbImage:
description: image
type: string
DockerOvnSbDbImage:
description: image
type: string
DockerOvnNorthdImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OVNDbsBase:
type: ../../puppet/services/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the OVN Dbs role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
step_config: &step_config
get_attr: [OVNDbsBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
# puppet_config is not required for this service since we configure
# the NB and SB DB servers to listen on the proper IP address/port
# in the docker_config section.
# puppet_config is defined to satisfy the pep8 validations.
puppet_config:
config_volume: ''
config_image: ''
step_config: *step_config
kolla_config:
/var/lib/kolla/config_files/ovn_north_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnnb.db'
- '--pidfile=/run/openvswitch/ovnnb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnnb_db.sock'
- '--unixctl=/run/openvswitch/ovnnb_db.ctl'
- '--remote=db:OVN_Northbound,NB_Global,connections'
- '--private-key=db:OVN_Northbound,SSL,private_key'
- '--certificate=db:OVN_Northbound,SSL,certificate'
- '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_south_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnsb.db'
- '--pidfile=/run/openvswitch/ovnsb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnsb_db.sock'
- '--unixctl=/run/openvswitch/ovnsb_db.ctl'
- '--remote=db:OVN_Southbound,SB_Global,connections'
- '--private-key=db:OVN_Southbound,SSL,private_key'
- '--certificate=db:OVN_Southbound,SSL,certificate'
- '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_northd.json:
command:
list_join:
- ' '
- - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
- '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
- '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
- '--log-file=/var/log/openvswitch/ovn-northd.log'
- '--pidfile=/run/openvswitch/ovn-northd.pid'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
docker_config:
step_4:
ovn_north_db_server:
start_order: 0
image: {get_param: DockerOvnNbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ovn_south_db_server:
start_order: 0
image: {get_param: DockerOvnSbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
configure_ovn_north_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
configure_ovn_south_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
ovn_northd:
start_order: 2
image: {get_param: DockerOvnNorthdImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
upgrade_tasks:
- name: Stop and disable ovn-northd service
tags: step2
service: name=ovn-northd state=stopped enabled=no

27
environments/services-docker/neutron-ovn.yaml

@ -0,0 +1,27 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,ovn-router'
NeutronVniRanges: ['1:65536', ]
DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'

4
releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml

@ -0,0 +1,4 @@
---
features:
- Support containerized ovn-controller
- Support containerized OVN Dbs without HA
Loading…
Cancel
Save